[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd crash with passwd database, and a patch (ITS#1467)

Full_Name: Brad Thompson
Version: 2.0.14 and 2.0.18
OS: Debian Linux (Woody)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (18.187.6.228)


When I run slapd like:

  slapd -d 1023 -f ~/ldap/slapd.conf -h ldap://localhost:1234

And ~/ldap/slapd.conf contains:

  include /usr/local/etc/openldap/schema/core.schema
  database passwd
  suffix "dc=vecna,dc=com"
  access to *
    by anonymous read
    by * read

And I search it with:
  ldapsearch -x -H ldap://localhost:1234 -b 'dc=vecna,dc=com' 'objectclass=*'

It segfaults.  Here is a backtrace:

#0  0x0805ff47 in acl_get (a=0x80b3f58, count=0xbf5ff868, be=0x80b3ed8,
    op=0x80bb708, e=0x80c2568, desc=0x80bb890, nmatch=10, matches=0xbf5ff870)
    at acl.c:258
#1  0x0805fcd4 in access_allowed (be=0x80b3ed8, conn=0x4029797c, op=0x80bb708,
    e=0x80c2568, desc=0x80bb890, val=0x0, access=ACL_SEARCH) at acl.c:195
#2  0x0805ef31 in test_presence_filter (be=0x80b3ed8, conn=0x4029797c,
    op=0x80bb708, e=0x80c2568, desc=0x80bb890) at filterentry.c:245
#3  0x0805eb68 in test_filter (be=0x80b3ed8, conn=0x4029797c, op=0x80bb708,
    e=0x80c2568, f=0x80bb830) at filterentry.c:93
#4  0x0806f571 in passwd_back_search (be=0x80b3ed8, conn=0x4029797c,
    op=0x80bb708, base=0x80bb640 "dc=vecna,dc=com",
    nbase=0x80bb658 "DC=VECNA,DC=COM", scope=2, deref=0, slimit=0, tlimit=0,
    filter=0x80bb830, filterstr=0x80bb860 "(objectClass=*)", attrs=0x0,
    attrsonly=0) at search.c:134
#5  0x080509cd in do_search (conn=0x4029797c, op=0x80bb708) at search.c:278
#6  0x0804f6bc in connection_operation (arg_v=0x80bb6a0) at connection.c:831
#7  0x08075522 in ldap_int_thread_pool_wrapper (pool=0x80a1a28) at tpool.c:379
#8  0x40156eca in pthread_start_thread () from /lib/libpthread.so.0
#9  0x40156f11 in pthread_start_thread_event () from /lib/libpthread.so.0

Here is a patch to fix it.  I don't understand the code that well, so
it is possible it is the wrong fix, but it fixes the segfault and my
test case behaves properly.

--- search.c.orig	Tue Nov 27 17:04:19 2001
+++ search.c	Tue Nov 27 16:35:59 2001
@@ -84,6 +84,8 @@
 			e = (Entry *) ch_calloc(1, sizeof(Entry));
 			e->e_attrs = NULL;
 			e->e_dn = ch_strdup( base );
+			e->e_ndn = ch_strdup( base );
+			(void) dn_normalize( e->e_ndn );
 
 			/* Use the first attribute of the DN
 			* as an attribute within the entry itself.